[package] firewall: deliver remove hotplug events for all active zones/networks when...

[openwrt.git] / package / firewall / files / lib / core.sh

diff --git a/package/firewall/files/lib/core.sh b/package/firewall/files/lib/core.sh
index d0b87a7..2178e05 100644 (file)
--- a/package/firewall/files/lib/core.sh
+++ b/package/firewall/files/lib/core.sh
@@ -8,14 +8,13 @@ include /lib/network
 fw_start() {
        fw_init
 
-       lock /var/lock/firewall.start
-
        FW_DEFAULTS_APPLIED=
 
        fw_is_loaded && {
                echo "firewall already loaded" >&2
                exit 1
        }
+
        uci_set_state firewall core "" firewall_state
 
        fw_clear DROP
@@ -40,7 +39,7 @@ fw_start() {
        echo "Loading includes"
        config_foreach fw_load_include include
 
-       [ -n "$FW_NOTRACK_DISABLED" ] && {
+       [ -z "$FW_NOTRACK_DISABLED" ] && {
                echo "Optimizing conntrack"
                config_foreach fw_load_notrack_zone zone
        }
@@ -50,9 +49,8 @@ fw_start() {
 
        fw_callback post core
 
+       uci_set_state firewall core zones "$FW_ZONES"
        uci_set_state firewall core loaded 1
-
-       lock -u /var/lock/firewall.start
 }
 
 fw_stop() {
@@ -60,6 +58,19 @@ fw_stop() {
 
        fw_callback pre stop
 
+       local old_zones z
+       config_get old_zones core zones
+       for z in $old_zones; do
+               local old_networks n i
+               config_get old_networks core "${z}_networks"
+               for n in $old_networks; do
+                       config_get i core "${n}_ifname"
+                       [ -n "$i" ] && env -i ACTION=remove ZONE="$z" \
+                               INTERFACE="$n" DEVICE="$i" \
+                               /sbin/hotplug-call firewall
+               done
+       done
+
        fw_clear ACCEPT
 
        fw_callback post stop